IBM DOCKET NO. DE920030011US1 

Amendments to the Claims: 


1. (currently amended) Method for authenticating clients in a client-server environment, 
wherein said client-server environment uses a communication protocol that allows 
extensions of the header request without violating said communication protocol, wherein 
said method comprises the steps of: 

generating a header request (10), 

inserting client authentication information into said header request resulting in an 
extended header request (20) independently of the authentication process used by said 
server and without server requesting authentication information, 

sending said extended header request to a server (30), 

and receiving information from said server if authentication has been successful (35, 60). 

2. (original) Method according to claim 1, wherein said communication protocol is an 
HTTP-protocol. 

3. (original) Method according to claim 1, wherein said authentication information is 
included in the first header request for establishing a session with said server. 

4. (original) Method according to claim 1, wherein said authentication information 
comprises the client certificate containing the client's name and the client's public key, and a 
digital signature which has been generated over a hash value of the header request 
including the client certificate using the client's private key. 

5. (currently amended) Method according to claim 1, wherein said authentication 
information is automatically inserted into said header request by the client's 
browser. 
6. (currently amended) Method according to claim 5, wherein said client browser receives 
said authentication information from a smart card via a smart card reader. 

7. (currently amended) Method according to claim 1, wherein said authentication 
information is automatically inserted into said header request by a client signature 
component which receives said authentication information from a smart card via a 
smart card reader. 

8. (currently amended) Method for authenticating clients (1a, 1b) in a client-server 
environment, wherein said client-server environment uses a communication protocol that 
allows extensions of the header request without violating said communication protocol, 
wherein a system (32) establishes communication between said client (1a, 1b) and said 
server (2), wherein said method comprises the steps of: 

receiving a header request from said client (1a, 1b), 

inserting authentication information into said header request resulting in an extended 
header request (30) independently of the authentication process used by said server and 
without server requesting authentication information, 

sending said extended header request to a server, and 

receiving information from said server if the authentication has been successful. 

9. (currently amended) Method according to claim 8, wherein said system (20) can be a 
proxy server, a gateway, or a tunnel. 

10. (currently amended) Method according to claim 8, wherein said communication 
protocol is the HTTP-protocol, and said authentication information is automatically 
inserted into said HTTP-request header by an insertion component (30) which 
receives said authentication information from a signature component (34). 

11. (original) Method according to claim 8, wherein said authentication information 
comprises the client certificate containing the client's name and the client's public key, and a 
digital signature which has been generated over the whole header request including the client 
certificate using the client's private key. 

12. (original) Method for authenticating clients in a client-server environment, wherein 
said client-server environment uses a communication protocol that allows extensions of 
the header request without violating said communication protocol, wherein at said server 
side said method comprises the steps of: 

receiving a client header request containing authentication information, 

validating said authentication information contained in said header request by said server 
authentication component, and 

providing information to said client, if the authentication has been successful. 

13. (original) Method according to claim 12, wherein said authentication information 
comprises the client certificate containing the client's name and the client's public key, and a 
digital signature which has been generated over the whole header request content using 
the client's private key. 

14. (original) Method according to claim 12, wherein said communication protocol is the 
HTTP-protocol, and said authentication component performs the steps of: 

accessing said public key contained in the client certificate, 

decrypting said digital signature contained in the HTTP-request header with said public 
key resulting in a hash value, 

applying the same hash algorithm as used by said client to said HTTP-request header, and 
considering authentication as successful, if both hash values match. 
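The claims above describe the exchange only in words. As an added worked example, which is not part of the application and not IBM's code, the following Go program implements the client-side insertion step of claims 1 and 4 and the server-side validation step of claims 12 and 14 for HTTP (claim 2). Everything the claims leave open is an assumption of this example: the header names X-Client-Certificate and X-Client-Signature, RSA with SHA-256 under PKCS#1 v1.5 as the signature scheme, the canonical byte serialisation of the header that both sides hash, a self-signed certificate standing in for the client certificate of claim 4, and an in-memory private key standing in for the smart card of claims 6 and 7. The signature is computed after the certificate has been inserted, so it covers the certificate as claim 4 requires, and the program ends by altering an already signed request to show that validation then fails.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
	"errors"
	"fmt"
	"math/big"
	"net/http"
	"time"
)

// Header names are an assumption of this example; the claims name none.
const certHeader, sigHeader = "X-Client-Certificate", "X-Client-Signature"

// canonicalRequest serialises the request line, Host and every header except the signature header
// in wire format with sorted keys, so both sides hash identical bytes and the certificate is covered.
func canonicalRequest(r *http.Request) []byte {
	var buf bytes.Buffer
	fmt.Fprintf(&buf, "%s %s %s\r\nHost: %s\r\n", r.Method, r.URL.RequestURI(), r.Proto, r.Host)
	h := r.Header.Clone()
	h.Del(sigHeader) // a signature cannot cover itself
	_ = h.Write(&buf)
	return buf.Bytes()
}

// newClientCertificate constructs a key pair and a self-signed certificate for the demo. In the
// claims the private key lives in a smart card's security module; here it is held in memory.
func newClientCertificate(name string) (*rsa.PrivateKey, *x509.Certificate, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil { return nil, nil, err }
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: name},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil { return nil, nil, err }
	cert, err := x509.ParseCertificate(der)
	return key, cert, err
}

// signRequest is the client-side insertion component (claims 1, 4, 16): insert the certificate, hash
// the extended header with SHA-256 and sign the hash with the private key (RSA PKCS#1 v1.5 is this
// example's choice), all without any challenge from the server.
func signRequest(r *http.Request, key *rsa.PrivateKey, cert *x509.Certificate) error {
	r.Header.Set(certHeader, base64.StdEncoding.EncodeToString(cert.Raw))
	digest := sha256.Sum256(canonicalRequest(r))
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest[:])
	if err != nil { return err }
	r.Header.Set(sigHeader, base64.StdEncoding.EncodeToString(sig))
	return nil
}

// verifyRequest is the server-side authentication component (claims 12, 14, 15): take the public
// key from the transported certificate, recompute the hash over the received header and check the
// signature. Trust in the certificate is outside the claims; here it must chain to the caller's pool.
func verifyRequest(r *http.Request, trusted *x509.CertPool) (string, error) {
	certDER, err1 := base64.StdEncoding.DecodeString(r.Header.Get(certHeader))
	sig, err2 := base64.StdEncoding.DecodeString(r.Header.Get(sigHeader))
	if err1 != nil || err2 != nil { return "", errors.New("malformed authentication headers") }
	cert, err := x509.ParseCertificate(certDER)
	if err != nil { return "", err }
	opts := x509.VerifyOptions{Roots: trusted, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if _, err = cert.Verify(opts); err != nil { return "", err }
	pub, ok := cert.PublicKey.(*rsa.PublicKey)
	if !ok { return "", errors.New("client certificate does not carry an RSA key") }
	digest := sha256.Sum256(canonicalRequest(r))
	// The step claim 14 words as decrypting the signature with the public key and comparing the
	// recovered hash with the freshly computed one; rsa.VerifyPKCS1v15 performs it here.
	if err = rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig); err != nil { return "", err }
	return cert.Subject.CommonName, nil
}

// runExchange signs and verifies one request built from constructed sample data, then alters the
// signed request and returns the verification error that must follow.
func runExchange() (subject string, tamperErr error, err error) {
	key, cert, err := newClientCertificate("alice")
	if err != nil { return "", nil, err }
	req, _ := http.NewRequest(http.MethodGet, "https://server.example/protected", nil)
	if err = signRequest(req, key, cert); err != nil { return "", nil, err }
	trusted := x509.NewCertPool()
	trusted.AddCert(cert)
	if subject, err = verifyRequest(req, trusted); err != nil { return "", nil, err }
	req.URL.Path = "/admin" // tampered after signing: the request line no longer matches
	_, tamperErr = verifyRequest(req, trusted)
	return subject, tamperErr, nil
}

func main() {
	subject, tamperErr, err := runExchange()
	if err != nil { panic(err) }
	fmt.Printf("authenticated %q; tampered request rejected: %v\n", subject, tamperErr != nil)
}
```

Two points the claims do not address but any deployment of this scheme must: the server has to decide on its own whether to trust the presented certificate (the example requires it to chain to a caller-supplied pool), and since claim 3 places the signed header in the first request of a session, the signed bytes should include something that differs from request to request (here the request line; in practice also a Date or nonce header) so that a captured header cannot simply be resent to the server.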

15. (currently amended) Server System (3) for authenticating clients in a client-server 
environment, wherein said client-server environment uses a communication protocol that 
allows extensions of the header request without violating said communication protocol, 
wherein said client provides authentication information in the header request to said 
server system, wherein said server system comprises: 

an authentication component (4) with the functionality to read said authentication 
information contained in the incoming client header request, and to validate said 
authentication information without having requested said authentication information from 
said client. 

16. (currently amended) Client System to be authenticated by a server system in a client- 
server environment, wherein said client-server environment uses a communication 
protocol that allows extensions of the header request without violating said 
communication protocol, wherein said client system comprises: 

a browser (3), and 

a component for inserting client authentication information into said header request 
independently of the authentication process used by said server and without server 
requesting authentication information. 

17. (original) Client System according to claim 16, wherein said authentication 
information comprises the client certificate containing the client's name and the client's public 
key, and a digital signature which has been generated over the hash value of the header 
request content using the client's private key. 

18. (currently amended) Client System according to claim 16, further comprising 
a smart card reader, and 
a smart card with a security module containing the client's private key and a client 
certificate containing the client's name and public key, wherein said smart card provides said 
certificate together with a digital signature to said inserting component, wherein said 
digital signature is the result of an encryption of a hash value of said header request 
containing said certificate information by means of said private key. 

19. (currently amended) Proxy Server system (33) for providing client authentication 
information to a server system (3), wherein said proxy server system (33) has a 
communication connection with a client system (1a, 1b) and a server system (3), wherein 
the communication protocol used between said systems allows extensions of the header 
request without violating said communication protocol, wherein 
said proxy server system (33) comprises: 

a proxy insertion component (30) for inserting the client certificate and digital signature 
into the header request received from said client independently of the authentication 
process used by said server and without server requesting authentication information, and 

a signature component (34) for creating a digital signature and for providing it together 
with said client certificate to said proxy insertion component (30). 

20. (currently amended) Computer program product comprising a storage medium for 
storing program instructions, said program instructions, when executed on a computer, 
causing the computer to perform a method for authenticating clients in a client-server 
environment, wherein the client-server environment uses a communication protocol that 
allows extensions of a header request, said method comprising the steps of: 

generating a header request, 

inserting client authentication information into said header request resulting in an 
extended header request independently of the authentication process used by said server 
and without server requesting authentication information, 

sending said extended header request to a server, 

and receiving information from said server if authentication has been successful. 